America’s biggest bank JP Morgan Chase announced last week that it was the latest victim of a major security breach. According to their regulatory filing, data from nearly 80 million customers was exposed in a successful hacking attempt earlier this year. Though the bank was quick to emphasize that our money and most sensitive bits of info such as dates of birth, social security, passwords and IDs weren’t stolen, names, addresses, emails and phone numbers were – all which could be used to facilitate an identity theft, but which aren’t considered protected or sensitive in most cases. While it’s troubling that the country’s number one bank got hacked, what’s even more worrying is that the media, the public, and even Wall Street seemed to shrug it off and carry on.
What this means for you:
Americans seem to be developing what some analysts are dubbing data breach fatigue: everytime we look up, yet another high-profile company or livelihood staple has been hacked. The list reads like a modern family’s honey-do list: Target, Home Depot, Neiman Marcus, EBay, UPS, Apple, Nintendo, Sony, Albertsons, SuperValu, CHS, etc. There have been nearly 600 data breaches reported this year, up 27% over last year, and we aren’t even done with 2014. Fortunately, only a small percentage of the total population have been negatively impacted in a signficant way, though most of us have probably had one or more credit cards get canceled and replaced for fraudulent activity. What this is leading to is the general perception that these data breaches are “bad” only in a vaguely annoying way, and there is not much that an average person can do to protect themselves, “Heck, if JP Morgan can’t figure out how to keep the hackers at bay, how can I ever stand a chance?”
While it’s true you can’t stop JP Morgan from getting hacked, you can make it harder for cybercriminals to hack you: don’t give in to the fatigue – make them fight for every bit they try to steal from you. Change your passwords regularly, and use unique passwords for your important accounts. Keep a close eye on your credit card statements and your credit history. Make sure your all computers you use have up-to-date and functioning antivirus software. Avoid email attachments and unfamiliar websites. What was once considered “paranoia-level” precautions are the new standard of online safety. Considering that nearly half of Americans adults have had some form of their personal data stolen through an online breach, it’s safe to say that “they” are out to get you – paranoia or not.
Supermarket chains Supervalu, Albertons and Jewel-Osco have joined the illustrious list of large retailers hacked (presumably) for their vast datastores of shopper identities and credit card information. Investigation is still ongoing in both cases as to whether hackers actually managed to retrieve shopper data during the breaches, and whether the data is being used illegally elsewhere. Though the details of the hacks have not been revealed, security analysts are speculating that the hackers probably compromised point-of-sale machines, similar to the attacks that breached Target in 2013.
What this means for you:
As you can imagine, based upon the difficulties of trying to secure your own personal devices, securing a large network of heavily used and highly exposed computers is tricky business. Even the slightest misstep can lead to cybercriminals pouncing on you like a pack of wild hyenas. Large chains like the ones affected above are continuously under attack from multiple vectors primarily because of the type of data hackers absolutely know they have. The best way to descibe the current war between corporate enterprise and cybercriminals would be that of a siege, with the “good guys” turtling up behind walls that being hammered on relentlessly. And as in any siege, even the smallest breach of that wall can lead to a complete razing of the besieged. Unfortunately, the good guys are struggling to innovate as fast as the bad guys who are heavily invested in winning these types of battles, as the stakes can result in huge payoffs in stolen credentials.
As mentioned, none of the supermarket chains have verified that data has been stolen, but if you happen to shop at any of the listed establishments with your credit card, you may want to consider having your credit card company issue you a new number.